Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/ebf6cb-a779-464f-8bee-8f08e0272df8/1/AXNbFMVh1Tk5cNlykU1ym5BzwLc.roa
File:                     AXNbFMVh1Tk5cNlykU1ym5BzwLc.roa (raw, json)
Hash identifier:          JzBdFKHug4ryfHxZ+QFDqqiciCctoOGzasouYdCQN1c=
Subject key identifier:   01:73:5B:14:C5:61:D5:39:39:70:D9:72:91:4D:72:9B:90:73:C0:B7
Certificate issuer:       /CN=9301ea05963c9756f28ee2e98b8f3cc479dc9f58
Certificate serial:       018CC795443654772EC8F9C8C743A7AFE3A5
Authority key identifier: 93:01:EA:05:96:3C:97:56:F2:8E:E2:E9:8B:8F:3C:C4:79:DC:9F:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kwHqBZY8l1byjuLpi488xHncn1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/ebf6cb-a779-464f-8bee-8f08e0272df8/1/AXNbFMVh1Tk5cNlykU1ym5BzwLc.roa
Signing time:             Tue 02 Jan 2024 00:31:37 +0000
ROA not before:           Tue 02 Jan 2024 00:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.176.100.0/24 maxlen: 24
                          185.176.103.0/24 maxlen: 24
                          185.176.101.0/24 maxlen: 24
                          185.176.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/ebf6cb-a779-464f-8bee-8f08e0272df8/1/kwHqBZY8l1byjuLpi488xHncn1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/ebf6cb-a779-464f-8bee-8f08e0272df8/1/kwHqBZY8l1byjuLpi488xHncn1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kwHqBZY8l1byjuLpi488xHncn1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:44:36:54:77:2e:c8:f9:c8:c7:43:a7:af:e3:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9301ea05963c9756f28ee2e98b8f3cc479dc9f58
        Validity
            Not Before: Jan  2 00:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01735b14c561d5393970d972914d729b9073c0b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:b5:1c:f8:dd:5e:20:88:9c:4a:89:3d:c2:88:
                    ff:42:2b:1b:f8:c2:b0:7f:20:ce:97:f5:3e:d5:c7:
                    67:21:a2:72:50:12:99:0c:b5:15:4a:52:7e:d7:e6:
                    18:5c:f9:db:40:75:94:27:1f:7f:e1:ee:11:39:a1:
                    16:81:cf:94:bf:0e:12:59:7b:f3:9e:8a:0e:d6:26:
                    a2:51:77:c2:ff:e2:6f:50:02:14:dc:73:9f:95:a8:
                    83:fc:0f:24:be:10:da:a3:65:92:53:76:f1:cd:43:
                    96:08:20:5f:fb:a7:dd:6f:01:88:ae:05:19:60:3e:
                    cc:22:81:ac:e9:1b:16:1c:2b:60:3f:48:9d:96:a4:
                    1a:b1:50:09:62:a4:18:51:bc:55:b1:85:39:39:0b:
                    cb:0a:80:57:72:5e:c4:85:0a:9e:b4:91:b0:f7:50:
                    7c:0c:48:fa:7c:a4:e9:e9:96:10:e6:a0:8f:18:02:
                    8d:6b:11:25:7a:99:4b:18:5d:fe:39:a1:96:5d:56:
                    fa:dc:3f:bc:28:51:84:dd:68:69:5c:ae:72:66:df:
                    fc:f5:00:a1:04:f4:18:ec:b3:af:0d:c6:4b:f0:af:
                    bf:00:9a:56:39:85:33:99:e9:e8:d4:6b:0f:02:e0:
                    b1:e8:51:36:36:85:16:46:d2:39:cd:21:c2:28:80:
                    65:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:73:5B:14:C5:61:D5:39:39:70:D9:72:91:4D:72:9B:90:73:C0:B7
            X509v3 Authority Key Identifier:
                keyid:93:01:EA:05:96:3C:97:56:F2:8E:E2:E9:8B:8F:3C:C4:79:DC:9F:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kwHqBZY8l1byjuLpi488xHncn1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/ebf6cb-a779-464f-8bee-8f08e0272df8/1/AXNbFMVh1Tk5cNlykU1ym5BzwLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/ebf6cb-a779-464f-8bee-8f08e0272df8/1/kwHqBZY8l1byjuLpi488xHncn1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:72:1c:3b:8c:1d:bd:d3:2f:70:e5:d4:16:cb:ed:93:fb:91:
         51:23:d9:dd:d4:3b:f4:0d:da:48:62:c0:84:14:d9:59:16:f0:
         2b:e5:34:c7:dc:03:1b:98:bb:e3:b5:d6:95:fd:96:5a:fe:5b:
         d8:81:e6:9c:61:94:00:f2:89:fa:67:da:2c:79:64:3c:3a:09:
         c8:ba:7d:86:e2:59:e0:4c:71:fd:69:2a:62:f5:f3:f2:70:38:
         92:ae:eb:92:4d:2a:7c:69:8a:bc:3e:87:43:11:68:a0:28:3d:
         e3:26:31:11:f2:e3:bc:af:d8:57:89:82:29:14:03:a5:25:f0:
         fa:ae:ff:0f:96:19:09:af:92:4c:6b:82:49:5b:e4:d8:d0:da:
         a1:f4:f5:e4:58:27:ec:e0:c5:6c:93:a8:f1:cd:28:c6:93:c9:
         aa:ad:fa:06:96:10:80:d8:5d:be:24:49:30:07:75:d7:30:ea:
         c9:f2:ed:a4:5c:c1:ac:f3:f8:e7:de:f6:28:ff:83:df:65:b6:
         c8:56:0f:7a:e2:20:ac:7b:34:10:2c:1b:21:0f:a4:9b:fc:8f:
         5d:87:9c:6d:7a:7b:40:38:7c:05:f7:fa:9c:33:89:77:1f:fd:
         86:b9:ae:37:08:b1:84:df:63:39:cb:96:4d:21:81:3d:ce:2e:
         74:eb:73:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlUQ2VHcuyPnIx0Onr+OlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMDFlYTA1OTYzYzk3NTZmMjhlZTJlOThiOGYzY2M0Nzlk
YzlmNTgwHhcNMjQwMTAyMDAzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTczNWIxNGM1NjFkNTM5Mzk3MGQ5NzI5MTRkNzI5YjkwNzNjMGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7rUc+N1eIIicSok9woj/Qisb+MKw
fyDOl/U+1cdnIaJyUBKZDLUVSlJ+1+YYXPnbQHWUJx9/4e4ROaEWgc+Uvw4SWXvz
nooO1iaiUXfC/+JvUAIU3HOflaiD/A8kvhDao2WSU3bxzUOWCCBf+6fdbwGIrgUZ
YD7MIoGs6RsWHCtgP0idlqQasVAJYqQYUbxVsYU5OQvLCoBXcl7EhQqetJGw91B8
DEj6fKTp6ZYQ5qCPGAKNaxEleplLGF3+OaGWXVb63D+8KFGE3WhpXK5yZt/89QCh
BPQY7LOvDcZL8K+/AJpWOYUzmeno1GsPAuCx6FE2NoUWRtI5zSHCKIBlWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFzWxTFYdU5OXDZcpFNcpuQc8C3MB8GA1UdIwQY
MBaAFJMB6gWWPJdW8o7i6YuPPMR53J9YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3dIcUJaWThsMWJ5anVMcGk0ODh4SG5jbjFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9lYmY2Y2ItYTc3OS00NjRmLThiZWUt
OGYwOGUwMjcyZGY4LzEvQVhOYkZNVmgxVGs1Y05seWtVMXltNUJ6d0xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9lYmY2Y2ItYTc3OS00NjRmLThiZWUtOGYwOGUwMjcyZGY4
LzEva3dIcUJaWThsMWJ5anVMcGk0ODh4SG5jbjFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubBkMA0G
CSqGSIb3DQEBCwUAA4IBAQA7chw7jB290y9w5dQWy+2T+5FRI9nd1Dv0DdpIYsCE
FNlZFvAr5TTH3AMbmLvjtdaV/ZZa/lvYgeacYZQA8on6Z9oseWQ8OgnIun2G4lng
THH9aSpi9fPycDiSruuSTSp8aYq8PodDEWigKD3jJjER8uO8r9hXiYIpFAOlJfD6
rv8PlhkJr5JMa4JJW+TY0Nqh9PXkWCfs4MVsk6jxzSjGk8mqrfoGlhCA2F2+JEkw
B3XXMOrJ8u2kXMGs8/jn3vYo/4PfZbbIVg964iCsezQQLBshD6Sb/I9dh5xtentA
OHwF9/qcM4l3H/2Gua43CLGE32M5y5ZNIYE9zi5063PZ
-----END CERTIFICATE-----